Re: illegal access using ssh

Amish Rughoonundon wrote:

> I was looking at my auth.log file and I saw a bunch of these things: 
> Nov 28 16:22:41 localhost sshd[11363]: Illegal user nobody from
> I was wondering if there is a way to filter the ip allowed to access
> the computer and allow only 1 ip (mine) to do so. Thanks a lot,

Sure!  You could set up a firewall (iptables), but tcpwrappers is
probably easier.  On the server, put this line into /etc/hosts.allow :


(of course, replace with the IP of the computer you want to
permit to log in)

and this line into /etc/hosts.deny :

sshd: ALL

When a new connection attempt is made, the ssh daemon will first check
hosts.allow to see if the host is permitted.  Hence your client system
will be allowed to log in.  If the host isn't listed in hosts.allow,
sshd next checks hosts.deny to see if the host is forbidden.  Since that
file has the entry "ALL", all other hosts will be rejected.  The man
page for hosts_access(5) has more information.

By the way, you can replace the daemon name "sshd" with "ALL" in both
config files, to make this behavior occur for all daemons on the server
that use tcpwrappers.


Kevin B. McCarty <kmccarty@princeton.edu>   Physics Department
WWW: http://www.princeton.edu/~kmccarty/    Princeton University
GPG: public key ID 4F83C751                 Princeton, NJ 08544
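
The decision order described in the message above (hosts.allow first, then hosts.deny, otherwise allow), as an added example that is not part of the original message. It is a simplified model, not the tcpwrappers implementation: it handles only `ALL`, exact addresses and address prefixes ending in `.`, and the address 192.0.2.10 is a constructed placeholder for the permitted client.

```python
# Simplified model of the hosts_access(5) decision order (added example).
# Supported: "daemon_list : client_list" lines, the ALL wildcard, exact
# addresses, and address prefixes ending in ".". Options after a second
# colon are ignored; IPv6 and hostname patterns are not handled.

HOSTS_ALLOW = "sshd: 192.0.2.10\n"   # constructed placeholder address
HOSTS_DENY = "sshd: ALL\n"


def parse_rules(text):
    """Return a list of (daemons, clients) tuples from access-file text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, address):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # e.g. "192.0.2." matches that prefix
        return address.startswith(pattern)
    return pattern == address


def listed(rules, daemon, address):
    """True if any rule names this daemon (or ALL) and matches the client."""
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, address) for c in clients)
        for daemons, clients in rules
    )


def access_granted(allow_text, deny_text, daemon, address):
    if listed(parse_rules(allow_text), daemon, address):
        return True                    # a match in hosts.allow wins outright
    if listed(parse_rules(deny_text), daemon, address):
        return False                   # otherwise a match in hosts.deny rejects
    return True                        # no match in either file: allowed
```

With the `sshd`-only rules, a connection to any other wrapped daemon matches neither file and is therefore allowed, which is why the message suggests `ALL` as the daemon name to cover every wrapped service.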
